[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xri] Re: Proposal for an X.509-based XRI Trust Profile
Breno de Medeiros wrote on 2010-01-21: > 2. Allow root certificates to equal the signer certificate, in which > case the certificate matching step is not performed. I think this does > not add too much complexity to the spec. You'll probably have to nail that down fairly explicitly, e.g., If the signing certificate is not equal (byte for byte) to a trusted certificate, then perform matching as follows... Strictly speaking, I think a trust anchor will "validate" with depth 0 against the set of trust anchors and some code may not be able to tell the difference easily. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]